Spam Despite Captcha – Local alternatives to Cloudflare/Google Recaptcha?

[JS-Media-Creation]

Is anyone else suddenly getting tons of spam through the GRAV contact form although the basic-captcha seems to work correctly? I’ve already changed the Basic Captcha to the camouflage font and increased the character count. I also tried the math challenge, but nothing seems to help—the bot still solves the Captcha. Any ideas on what else to try without resorting to Cloudflare or Google Recaptcha? Or the technology of the basic-captcha is just not enough anymore?

GRAV: 1.7.46 Form plugin: 7.4.0

Here is my form plugin configuration:

built_in_css: true
inline_css: true
refresh_prevention: false
client_side_validation: true
debug: false
inline_errors: false
modular_form_fix: true
files:
  multiple: false
  limit: 10
  destination: self@
  avoid_overwriting: false
  random_name: false
  filesize: 0
  accept:
    - 'image/*'
recaptcha:
  version: 2-checkbox
  theme: light
  site_key: null
  secret_key: null
turnstile:
  theme: light
  site_key: null
  secret_key: null
basic_captcha:
  type: characters
  chars:
    length: 8
    font: zxx-camo.ttf
    bg: '#e0e0e0'
    text: '#1c1c1c'
    size: 20
    start_x: 15
    start_y: 30
    box_width: 135
    box_height: 40
  math:
    min: 1
    max: 12
    operators:
      - +
      - '-'
      - '*'

[rhukster]

Bots are getting more sophisticated and now use client side scripting and even AI to solve captcha puzzles. Really the only reliable solutions nowadays are ones like recaptcha and turnstile. Form plugin supports both of these natively.